xab.cat/documents
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
8f385a5f4c
documents/ How to setup NAT on Proxmox 8.0

84 lines
4.2 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

How to setup NAT on Proxmox 8.0
https://blog.amitanvir.info/2023/how-to-setup-nat-on-proxmox-8-0/
Proxmox utilizes bridge networking in order to offer internet access to virtual machines. Furthermore, we need a public IP for each machine. In case we have access to only a certain number of IPs, we can utilize NAT in order to access the Internet on the machines.</p>
<p>However, it is recommended to have a static public IP while running public services. So, lets take a look at how to set up NAT on Proxmox to offer private networks to virtual machines.</p>
<p>This process involves the following steps:</p>
<ol>
<li>Create a bridge</li>
<li>Bring up the NAT bridge</li>
<li>Configure Virtual Machine</li>
<li>Port forwarding to access from the outside world</li>
</ol>
<p>&nbsp;</p>
<ol>
<li><strong> Setup NAT on Proxmox: Create a bridge</strong></li>
</ol>
<p>First, we will log in to the proxmox host ssh and run the following command:</p>
<pre>nano /etc/network/interfaces</pre>
<p>This command opens up the network configuration file.</p>
<pre># network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
auto enp4s0
iface enp4s0 inet manual
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; post-up iptables-restore &lt; /etc/iptables.up.rules
auto vmbr0
iface vmbr0 inet static
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; address AA.BB.CC.DD/28
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gateway AA.BB.CC.GG
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bridge-ports enp4s0
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bridge-stp off
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bridge-fd 0</pre>
<p>Next, paste the following at the end of the configuration file:</p>
<pre>auto vmbr1
#private sub network
iface vmbr1 inet static
&nbsp;&nbsp; address&nbsp; 192.168.1.1
&nbsp;&nbsp; netmask&nbsp; 255.255.255.0
&nbsp;&nbsp; bridge_ports none
&nbsp;&nbsp; bridge_stp off
&nbsp;&nbsp; bridge_fd 0
&nbsp;&nbsp; post-up echo 1 &gt; /proc/sys/net/ipv4/ip_forward
&nbsp;&nbsp; post-up&nbsp;&nbsp; iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
&nbsp;&nbsp; post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE</pre>
<p>Here,&nbsp;<strong>vmbr0</strong>&nbsp;is the bridge name for NAT while&nbsp;<strong>vmbr1</strong>&nbsp;is the interface configured on the network file. We are setting&nbsp;<strong>bridge_ports</strong><br>
to none as we are not connecting to the outside world directly.</p>
<ol start="2">
<li><strong> Setup NAT on Proxmox: Bring up the NAT bridge</strong></li>
</ol>
<p>The next step involves using the command below to bring up the bridge we configured in the previous section:</p>
<pre>ifup vmbr2</pre>
<ol start="3">
<li><strong> Setup NAT on Proxmox: Configure Virtual Machine</strong></li>
</ol>
<p>This step involves configuring the virtual machine using the IP address. As There is no DHCP service we have to set a manual configuration.</p>
<ul>
<li>IP: 192.168.1.2</li>
<li>Netmask: 255.255.255.0</li>
<li>Gateway: 192.168.1.1</li>
</ul>
<p>We can use the following IPs for further virtual machines: 192.168.1.3 192.168.1.254 &amp; Google DNS for DNS: 8.8.8.8 and 8.8.4.4</p>
<ol start="4">
<li><strong>Setup NAT on Proxmox: Port forwarding to access from the outside world</strong></li>
</ol>
<p>If we are working with a Linux guest, we can access ssh through the public IP of the main server. In this scenario, we will run the following command on proxmox host.</p>
<pre>iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3033 -j DNAT --to 192.168.1.2:22</pre>
<p>In this example, we are forwarding host port 3033 to guest port 22. After that we will run the command below in order to access guest SSH:</p>
<pre>ssh -p 3033 root@AA.BB.CC.DD</pre>
<p>This command will prompt for the password. Once we enter the password, we can successfully connect to guest SSH.</p>
Reference in New Issue View Git Blame Copy Permalink